Simplifying access to the ERL Private wiki

Motivation

We've had several discussions about the possibility of relaxing read restrictions on the ERL Private wiki. In general, people want the wiki accessible (readable) by anyone with a valid LEPP account. However, ERL Management does not want anyone who happens to be on our network to have access to sensitive information.

Proposal

If we remove the TWiki read restriction on the ERL/Private wiki, no-one will have to register with the wiki to read. They would only need to register with TWiki and be added to the erl if they want to edit.

However, everyone will still need to authenticate with their LEPP Network principals to read anything in the Private ERL wiki. Users not knowing their network principal should reset it themselves (see UserAccountsAndPasswords) or ask service@lepp.cornell.edu for assistance.

Caveats

• If we remove TWiki read restriction on the Private/ERL wiki, then content from this wiki will be included in any "all webs" search results. Unauthenticated users will only see the page title and the page's first line of text, however. They will not be able to actually view the page or attachment without first authenticating with a LEPP network principal.

Looking ahead

Looking further into the future, we plan on deploying an LDAP server that can serve users and groups to Windows, Unix (Linux), TWiki, etc. This should greatly simplify the registration process with TWiki (if one is even still needed).